Announcement: What's happening on Valhalla


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 132

Hi everyone,

You may have noticed a few changes in the last week on Valhalla. Here are some of the things we've done:

We're now using a CDN
We've started using Cloudflare now for caching and DNS. This should potentially speed up the site a little since static content is now cached by the edge servers. Additionally it may have a larger benefit for some of our more distant users in places like India since their ping time to the edge servers will be much lower now.

Since all communication with our servers now goes via Cloudflare we needed to locate the real user IP from the headers they provide. This is important for the security measures we have in place for flood protection (to prevent someone from filling up the database with thousands of posts for example) and our prevention for session fixation and session stealing (by linking the session to the user's IP). If anyone notices any issues with odd behavior now, please let me know.

We're using HTTPS
We've finally made the switch everywhere to HTTPS! We always supported HTTPS, but didn't advertise it much since our self-signed certificate always produced warnings in the browser, but we now have a proper valid certificate.

This is the case now for all our sites; on Valhalla and IP Info there is a redirect in place to require that everyone uses HTTPS, and for Voodoorage and Core Utils Documentation the redirect is not yet there but the certificate is.

The benefits of using TLS are clear, but we expect a few downsides as well. Here are a few of the issues we've seen so far:

  • We had to go through everywhere and switch the URLs of included resources (images, css, etc.) to HTTPS to prevent the warning of mixed content loading. In the forum this is likely still present, but if anyone sees any other places we missed please inform me.
  • Old browsers (including outdated versions of curl) may run into this error: "curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure". The solution there is to update your browser and to update your version of openssl.
  • The above issue also seems to occur when syncing your profile with WeChall. I've already contacted their admin about this.

We now support HTTP/2
Valhalla now supports HTTP/2. Not every browser supports it yet, so not everyone will see any improvements. You can read about the benefits here.

A few little things we fixed:
While making the rest of these changes, we also fixed a couple of other little things:

  • Fixed a bug found in the core of Symfony2's routing which sometimes caused the edge-side includes to be empty (e.g. there would be no login button, no list of online users, no forum threads list, etc.)
  • Discovered that Chrome prevents you from XSSing yourself in the XSS challenges. This has been solved now by setting the header "X-XSS-Protection" to false for the XSS and beginners challenges.

If anyone notices any issues related to the things mentioned in this post (or anything else of course), please either send me a PM or send a quick email to [email protected]

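The real-IP lookup described in the CDN section of the post, as an added example that is not Valhalla's own code: the forwarded-address header is honoured only when the TCP peer is a known edge server, and the result feeds the session-to-IP check. Assumptions: the header is Cloudflare's `CF-Connecting-IP` (the post does not name it), the edge ranges are constructed placeholders, and all function names and the `bound_ip` session key are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), standing in
# for the edge ranges the CDN publishes. Load and refresh the real list.
TRUSTED_EDGE_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:cd::/48"),
]

# Assumption: Cloudflare's client-address header; the post does not name it.
CLIENT_IP_HEADER = "cf-connecting-ip"


def is_trusted_edge(peer):
    """True if the TCP peer address lies inside a trusted edge range."""
    return any(peer in net for net in TRUSTED_EDGE_RANGES)


def client_ip(peer_ip, headers):
    """Return the address to use for flood limits and session binding."""
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted_edge(peer):
        # Direct connection to the origin: the header was set by the client
        # itself, so ignore it and use the socket address.
        return str(peer)
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get(CLIENT_IP_HEADER, "").strip()
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        # Missing or malformed header: fall back to the edge address, so a
        # session bound to a real client address will not match (fails closed).
        return str(peer)


def session_ip_matches(session, peer_ip, headers):
    """Session-stealing check: the request must come from the bound address."""
    return session.get("bound_ip") == client_ip(peer_ip, headers)
```

Restricting the origin's firewall to the CDN's edge ranges removes the direct-connection path altogether; the peer check above then acts as a second layer.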